Method of controlling exchanges of data between two applications, namely a client-type application and a server-type application respectively

ABSTRACT

The invention relates to a method of controlling exchanges of files or other transferable objects between two applications, namely a client-type application and a server-type application respectively, using a TCP/IP FTP-type protocol or similar. One of said applications is an FTP-type application while the other is either an FTP-type application or a compatible application. The inventive method makes use of a Hyperserver application which is executed on a host platform and which performs the role of intermediary between the two applications in transfer protocol negotiations and in the transfer of files or other transferable objects.

[0001] The patent concerns a method for controlling data exchange between two applications, of client and server type respectively, using the FTP protocol of TCP/IP (RFC 959, RFC 1579) or an analogous protocol, wherein:

[0002] TCP/IP (“Transmission Control Protocol”/“Internet Protocol”) is a set of transmission protocols used on the Internet,

[0003] FTP (“File Transfer Protocol”) is a TCP/IP file transfer protocol used on the Internet as well as on enterprise TCP/IP networks (Intranets),

[0004] RFC (“Request For Comments”) is the way in which TCP/IP protocols are named,

[0005] The server and client applications are specifically FTP applications, or they are able to generate a data flow compatible with the protocol.

[0006] The object of the patent is, especially but not exclusively, a method implementing a Hyperserver application which is executed on a host (computer) platform and acts as intermediary between two applications, one of which is of FTP type while the other is either of FTP type or compatible, conducting both the formal transfer negotiations and the transfers themselves.

[0007] The Hyperserver application is provided with means that give it visibility of all exchanged information and the ability to interpret and translate it, whatever the execution environment. This position enables the Hyperserver application not only to follow all exchanges passively but also to control them, intervening in those exchanges according to control rules that are imposed on it and defined in its databases of partner applications and transfer profile directories.

[0008] To reinforce and extend its supervision and control capacities beyond its own execution platform, the method according to the invention may comprise agent applications on the execution platforms of the FTP (or compatible) applications. Depending on the control rules and on the deployment of agent applications, all or only a part of the population of FTP type (or compatible) applications can be fully controlled. This population (or part of it) is called here the “controlled population”. The FTP type (or compatible) applications that do not benefit from Hyperserver application control are named the “common placed population” in the rest of the presentation. Both populations may be part of the same IP network or may reside in two different networks; in the second case, the Hyperserver application has to reside in the network of the controlled population and be accessible to applications of the common placed population.

[0009] Being executed on an Intranet host and being the only and obligatory point of passage for Intranet/Internet exchanges, the method according to the invention makes it possible to carry out transfers while ensuring the security and confidentiality of the data sheltered in the Intranet network.

[0010] Moreover, it provides the functions of a powerful, centralized monitor of transfers of files or other transferable objects. In this case the FTP type (or compatible) applications of the Intranet network make up the controlled population and the Internet partners make up the common placed population.

[0011] In this environment, the security and confidentiality of the Intranet network as a whole may be preserved by the method according to the invention because the host names of the network, the directories of files (or other transferable objects) and their physical names may remain invisible to the external partners of the Intranet. Depending on the rules for assigning physical names to files (transferable objects) and names to FTP or FTP-compatible server hosts, external partners need only know the identifiers of entries in the file transfer and connection profile databases, defined below, and, among these identifiers, only those which are accessible to the identified and authenticated requester.

[0012] The Hyperserver application is an intermediate application which has full control and visibility of all formal negotiations and of the file (or other transferable object) data exchanged by the communicating applications. Thereby, and independently of its execution environment, the Hyperserver application has all the information necessary to provide monitor functions such as supervision, statistics and interaction with operators or with another application.

[0013] More accurately, according to the invention the method may implement:

[0014] a common placed population of hosts residing in an IP network, having access to the Hyperserver application and sheltering:

[0015] applications of FTP type or able to generate a data flow compatible with the FTP protocol,

[0016] files or other transferable objects identifiable and visible to these applications,

[0017] a Hyperserver application executed on a host having access to the FTP type or compatible applications described above and having at its disposal:

[0018] a database containing the directory of controlled and common placed hosts, indicating the communicating applications with their IP addresses, their lists of users authorized to access them and, if necessary, their authorization attributes (BDH),

[0019] a database containing the directory of transfer profiles for files or other transferable objects (BDP),

[0020] the Hyperserver application central “LOG” file (LGH), containing transfer event log records,

[0021] the Hyperserver application central journal file (JRH), containing transfer summary records,

[0022] a controlled population of hosts residing in an IP network and sheltering:

[0023] applications of FTP type or able to generate a data flow compatible with the FTP protocol,

[0024] files or other transferable objects identifiable and visible to these applications,

[0025] Hyperserver agent applications, optionally having their own “LOG” and journal files.

[0026] It should be noted that the controlled population of hosts, together with the hosts that shelter the Hyperserver application, may be the set of computers and files of an enterprise constituting the company's Intranet network. The BDP database of file transfer profiles with FTP or compatible applications constitutes, for the Hyperserver application, the file access system in the terms of the FTP model. The common placed population may be, in this case, a set of computers accessing the Hyperserver application via the Internet to transfer files with enterprise hosts under Hyperserver control.

[0027] The BDH database contains all the information needed by the Hyperserver application to:

[0028] identify and/or authenticate the transfer requester,

[0029] identify and/or access the addressed application while respecting authentication rules,

[0030] where applicable, determine the encryption rules to be used depending on the identified requester and addressed partners,

[0031] identify and locate the Hyperserver agent application assigned to the part of the connection in the controlled environment,

[0032] where applicable, identify methods to be executed at the beginning and/or at the end of the connection, etc.

[0033] The BDP database defines transfer profiles and scenarios for files or other objects using the following attributes, in particular:

[0034] location of files or other objects to be sent or received, and/or

[0035] their name or the method of naming, and/or

[0036] their access method, and/or data type, and/or their code,

[0037] and, optionally:

[0038] methods and scenarios to be executed at the beginning and/or during and/or at the end of transfer and/or their place of execution, and/or

[0039] criteria and attributes of access authorization to files or other transferable objects.

[0040] It is to be noted that, apart from the FTP type applications which are the partners of the exchange, the only application having access to the transferred file (or other object) data is the Hyperserver application. This capacity enables the Hyperserver application, where applicable, to act on the data by executing “during transfer” methods.

[0041] Implementing a Hyperserver agent application on each host of a controlled application enables local supervision of file transfers. The agent application, supplied with an interface for communicating with the Hyperserver application, may recover information concerning file transfers from their execution location and/or receive commands from the Hyperserver application to submit methods at the beginning or at the end of a transfer under its own control.

[0042] In the preferred version of the patent, the BDH and BDP databases may be local directories of LDAP (“Lightweight Directory Access Protocol”) type in the network of the controlled population. LDAP is an open and widely distributed protocol which enables applications executing in heavily heterogeneous environments to access those directories without additional development.

[0043] By way of example, the following presentation describes the progress of file transfer operations in an Intranet/Internet environment where the Hyperserver application provides supervision and monitoring of file transfers on the Intranet side.

[0044] Nothing otherwise prevents imagining another Hyperserver application placed in the Internet network, generating an FTP-compatible flow and controlling the file transfers of its own population of hosts.

[0045] In this environment, the progress of operations for a file transfer request coming from the Internet is as follows:

[0046] the requesting FTP client type application on the Internet side opens the connection with the Hyperserver application by means of the set of open-connection commands, specifying its user name, its password and, optionally, its authentication data, as with any classical FTP server,

[0047] depending on the rules defined in the BDH directory, the information exchanged during this phase may be sufficient to determine the directory entry defining the connection attributes of the aimed Intranet-side application (otherwise, an additional command, for example the FTP SITE command, may be used to identify it),

[0048] the correlation between the client requester and the aimed server enables the Hyperserver application to look up in the BDH database all information concerning the requester's access authorities, any encryption and its key and, as well, any negotiation protocol and the modalities of the connection to the aimed server,

[0049] as soon as the protocol and modalities of the connection are known, the Hyperserver application may open the connection with the aimed application and start to exchange commands, where the protocol so provides,

[0050] as the negotiation proceeds, the content of one of the FTP commands such as “store”, “store unique”, “retrieve”, etc. received by the Hyperserver application has to enable it to identify a transfer profile for files or other transferable objects, which constitutes an entry of the BDP directory,

[0051] the definition of the determined profile enables the Hyperserver application to verify the transfer direction, to identify the file to be transferred, its attributes, the methods to be executed at the beginning, during and at the end of the transfer, as well as the designation of the application under whose control the execution has to be done,

[0052] only when any transfer negotiations with the aimed application driven by the transfer profile are completed may the Hyperserver application acknowledge the transfer request received from the client,

[0053] two “DATA” connections, in the FTP sense, will be opened: one between the FTP client and the Hyperserver application and the other between the Hyperserver application and the aimed application; the data received by the Hyperserver application on one connection will be sent on the other, optionally undergoing the treatment of a “during transfer” method,

[0054] the execution of any methods at the beginning and at the end of the transfer will be done under the control of the Hyperserver agent application on the host of the aimed application, synchronously with the dialog between this application and the Hyperserver application and by order of the latter,

[0055] the LOG records (the file in which all connection, negotiation and transfer events are recorded) and the journal (statistics file) generated by the Hyperserver application will be written in the LGH and JRH files, and copies of them will be sent to the concerned Hyperserver agent application to be written in its local “LOG” and journal files.
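The lookups of steps [0046] to [0052] can be modelled as follows. This is an illustration added here, not code from the patent: the directory layout, field names, users, hosts and paths are all constructed, and only the “store” and “retrieve” commands are handled.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    """One BDP entry (field layout is an assumption of this example)."""
    direction: str            # "store": partner -> Intranet, "retrieve": the reverse
    host: str                 # internal FTP server, never shown to the partner
    path: str                 # physical file name on that server
    allowed_users: frozenset  # requesters who may use this profile


def _verifier(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed directory contents: users, hosts and paths are placeholders.
SALT = b"constructed-salt"
BDH = {"partner-a": _verifier("s3cret-A", SALT),
       "partner-b": _verifier("s3cret-B", SALT)}
BDP = {
    "INVOICES_IN": Profile("store", "ftp1.intranet.example",
                           "/data/in/invoices.dat", frozenset({"partner-a"})),
    "PRICELIST_OUT": Profile("retrieve", "ftp2.intranet.example",
                             "/data/out/prices.csv",
                             frozenset({"partner-a", "partner-b"})),
}
VERBS = {"STOR": "store", "RETR": "retrieve"}


class Refused(Exception):
    """Refusal carrying the FTP reply code returned to the requester."""
    def __init__(self, code: int, text: str):
        super().__init__(f"{code} {text}")
        self.code = code


def authenticate(user: str, password: str) -> str:
    """[0046]: check USER/PASS against the BDH entry of the requester."""
    stored = BDH.get(user)
    candidate = _verifier(password, SALT)
    # Constant-time comparison; unknown users get the same generic reply.
    if stored is None or not hmac.compare_digest(stored, candidate):
        raise Refused(530, "Not logged in.")
    return user


def resolve_transfer(user: str, line: str) -> tuple:
    """[0050]-[0051]: map a transfer command to (internal host, physical path)."""
    verb, _, arg = line.strip().partition(" ")
    direction = VERBS.get(verb.upper())
    if direction is None:
        raise Refused(502, "Command not implemented.")
    # The argument is only ever a key into BDP, never a path, so traversal
    # strings such as "../x" simply match no profile.
    profile = BDP.get(arg)
    # One reply for unknown profile, foreign profile and wrong direction, so a
    # partner cannot enumerate profile identifiers it is not entitled to.
    if (profile is None or user not in profile.allowed_users
            or profile.direction != direction):
        raise Refused(550, "Requested action not taken.")
    return profile.host, profile.path


if __name__ == "__main__":
    who = authenticate("partner-a", "s3cret-A")
    print(resolve_transfer(who, "STOR INVOICES_IN"))
    for attempt in ("RETR INVOICES_IN", "RETR ../../etc/passwd"):
        try:
            resolve_transfer(who, attempt)
        except Refused as refusal:
            print(attempt, "->", refusal)
```

The host and path returned by `resolve_transfer` are used only on the Intranet-side connection; the partner sees nothing but the profile identifier and the reply code.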

[0056] In the case where the transfer request comes from an Intranet host, that is, from the “controlled population”, the transfer method may proceed symmetrically. However, it is known that the FTP transfer negotiation between the client and server applications does not pass to the server the name used on the client side for the file to be transferred.

[0057] Therefore, when the request comes from an Intranet-side FTP client application, this particularity of the FTP protocol reduces the file exchange supervision that may be expected from the Hyperserver application, because it has no information concerning the file (or object to be transferred) in its own domain of control.

[0058] In this case, it is preferable to use a feature of the method according to the invention named “Direct Request of Transfer”.

[0059] In this mode of operation, when a user submits a Direct Request of Transfer to the Hyperserver application, the progress of operations is as follows:

[0060] the request has to contain all the information needed to determine the BDH directory entry and the BDP entry as well,

[0061] using the information found in the determined BDH entry, the Hyperserver application will initiate, as a client, two connections: one with the FTP type server (or compatible application) on the Intranet side and the other with the FTP type server on the Internet side,

[0062] the Hyperserver application will negotiate two transfers according to the information found in the BDP entry(ies) and in the request itself; one of the transfers will be a reception and the other a transmission of files (or other transferable objects),

[0063] the Hyperserver application will forward the file data from its origin to its destination through two DATA connections, in the FTP sense or compatible, between the Hyperserver application itself and the two server applications,

[0064] the transfer profile(s) and other parameters of the Direct Request of Transfer enable the Hyperserver application to determine the file names on both sides and all transfer attributes and methods to be started at the beginning, during and at the end of the transfer.
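The relay of steps [0061] to [0064] can be sketched with the `voidcmd`, `transfercmd` and `voidresp` methods of Python's `ftplib.FTP`. This is an illustration added here, not code from the patent: `direct_transfer`, the journal record layout and the `LoopbackServer` stand-in (which replaces two real servers so that the sketch runs offline) are assumptions, as are the file names and payload.

```python
import hashlib
import socket
import threading
import time


def direct_transfer(src, dst, src_name, dst_name, journal,
                    during_transfer=None, blocksize=8192):
    """Relay one file between two logged-in ftplib.FTP-style servers."""
    for server in (src, dst):
        server.voidcmd("TYPE I")                 # binary mode on both sides
    rsock = src.transfercmd("RETR " + src_name)  # DATA connection 1
    wsock = dst.transfercmd("STOR " + dst_name)  # DATA connection 2
    digest, count = hashlib.sha256(), 0
    try:
        while True:
            block = rsock.recv(blocksize)
            if not block:
                break
            if during_transfer is not None:      # optional "during transfer" method
                block = during_transfer(block)
            digest.update(block)
            count += len(block)
            wsock.sendall(block)
    finally:
        rsock.close()
        wsock.close()                            # EOF tells the receiver we are done
    src.voidresp()                               # raises unless the reply is 2xx
    dst.voidresp()
    record = {"time": time.time(), "source": src_name, "destination": dst_name,
              "bytes": count, "sha256": digest.hexdigest()}
    journal.append(record)                       # summary record, as kept in JRH
    return record


class LoopbackServer:
    """Constructed stand-in exposing the three ftplib.FTP methods used above."""
    def __init__(self, content=b""):
        self.content, self.received, self.commands = content, b"", []
        self._reader = None

    def voidcmd(self, cmd):
        self.commands.append(cmd)

    def transfercmd(self, cmd):
        self.commands.append(cmd)
        ours, theirs = socket.socketpair()
        if cmd.startswith("RETR "):
            theirs.sendall(self.content)         # small constructed payload
            theirs.close()
        else:
            self._reader = threading.Thread(target=self._drain, args=(theirs,))
            self._reader.start()
        return ours

    def _drain(self, sock):
        while block := sock.recv(8192):
            self.received += block
        sock.close()

    def voidresp(self):
        if self._reader is not None:
            self._reader.join()                  # upload fully received


def demo():
    intranet = LoopbackServer(b"line one\nline two\n")  # constructed file content
    internet = LoopbackServer()
    journal = []
    record = direct_transfer(intranet, internet, "/data/out/prices.csv",
                             "prices.csv", journal, during_transfer=bytes.upper)
    return intranet, internet, journal, record


if __name__ == "__main__":
    print(demo()[3])
```

Because both file names come from the BDP entry and the request, the journal record ties the internal physical name to the name used on the partner side, which a plain FTP server on either end cannot do.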

1. Method for the control of exchanges of files or other transferable objects between FTP type or compatible applications belonging to a controlled population and FTP type applications belonging to a common placed population and executed on different platforms, characterized in that it implements a Hyperserver application which is executed on a host platform able to communicate with the applications of the two populations, which belong to the same or to different IP networks, and which intervenes in the formal transfer negotiations between each pair of partner applications, one being a client and the other a server, even, in some cases, playing the part of intermediate client of two servers, as well as in the transfers of files or other transferable objects themselves, depending on an interpretation and/or a translation of the exchanged pieces of information independently of the application environment of each application of the pair, intervening in the exchanges in accordance with control rules which are imposed on it and defined in the partner application and transfer profile directory databases.
2. Method according to claim 1, characterized in that agent applications, optionally having their own “LOG” and journal files, are implemented on the execution platforms of said FTP type (or compatible) applications so as to be able to control all or a part of the population of FTP or compatible type applications, the controlled population of FTP type (or compatible) applications and the population of FTP (or compatible) type applications not benefiting from Hyperserver application control being part of the same IP network or belonging to different networks, the Hyperserver application residing in the latter case in the network of the controlled population and being accessible to the applications of the common placed population, the agent applications being supplied with an interface for communication with the Hyperserver application in order to recover pieces of information concerning file transfers from their execution location and/or to receive an order from the Hyperserver application to submit processes at the beginning or at the end of those transfers under its own control.
3. Method according to claim 2, characterized in that the FTP type (or compatible) applications of the Intranet network constitute the controlled population and the partners of the Internet network play the part of the common placed population.
4. Method according to claim 3, characterized in that the Hyperserver application is executed on an Intranet network host, and that it constitutes the only and obvious pass-through point between this Intranet network and the Internet network.
5. Method according to claim 4, characterized in that the said Hyperserver application comprises means ensuring the encryption and decryption of exchanged pieces of information on the Internet and/or Intranet side.
6. Method according to claims 4 and 5, characterized in that the said Hyperserver application includes means for making the identification of Intranet hosts, as well as their directories of files and other transferable objects, invisible to partners external to the Intranet, each user having to know only the identifiers of entries of the file transfer profile and Hyperserver connection profile databases and, among those identifiers, only those accessible to identified and authenticated requesters.
7. Method according to one of the preceding claims, characterized in that it implements: a common placed population of hosts residing in an IP network, having access to the Hyperserver application and sheltering: FTP type applications or applications able to generate a data flow compatible with the FTP protocol, files or other transferable objects identifiable and visible to those applications; a Hyperserver application executed on a host having access to said FTP type or compatible applications and including: a controlled and common placed hosts directory database (BDH) designating the communicating applications with their IP addresses and lists of users authorized to access them as well as authorization attributes if necessary, a directory database of transfer profiles for files or other transferable objects (BDP), a Hyperserver application central “LOG” file (LGH) containing transfer event log records, a Hyperserver application central journal file (JRH) containing transfer summary records; a controlled population of hosts residing in an IP network and sheltering: applications of FTP type or able to generate a data flow compatible with the FTP protocol, files or other transferable objects identifiable and visible to those applications, Hyperserver agent applications optionally supplied with their own “LOG” and journal files.
8. Method according to claim 7, characterized in that the BDH database contains all the pieces of information necessary for the Hyperserver application to: identify and/or authenticate each transfer requester, and/or identify and/or access the aimed application while respecting its authentication rules, and/or determine, where applicable, the encryption rules to be used depending on the identified requesters and addressee, and/or identify and locate the agent application of the Hyperserver application assigned to the part of the connection in the controlled environment, and/or identify, where applicable, processes to be executed at the beginning and at the end of the connection.
9. Method according to claims 7 and 8, characterized in that the BDP database defines profiles and scenarios of transfers of files or other transferable objects with the help of the following attributes: the location of files or other objects to be sent or received, and/or their name or naming method, and/or their access method, and/or data type, and/or the code and, optionally, processes and scenarios to be executed at the beginning and/or during and/or at the end of transfers and/or their place of execution, and/or criteria and attributes of access authorization to files or other objects to be transferred.
10. Method according to claim 7, characterized in that the BDP databases constitute local LDAP (“Lightweight Directory Access Protocol”) directories of the controlled population network.
11. Method according to claim 7, characterized in that, in the case of a transfer request coming from the Internet network, it comprises the following sequence of operations: opening of the connection with the Hyperserver application by the requesting client of the Internet network by means of a set of connection opening commands comprising a user name, a password and, optionally, authentication data; determination by the Hyperserver application of the BDH directory entry defining the connection attributes of the aimed application of the Intranet network in the case where said pieces of information are sufficient, taking into account the rules defined in the BDH directory, otherwise use of supplementary FTP commands to enable this to be done; search by the Hyperserver application in the BDH database for all pieces of information concerning the requester's access authorities, the transfer protocol, the modalities of the connection with the aimed server, the identification of the process to be executed at the beginning of the connection, as well as the optional start of said process or of some number of processes; opening of the connection with the aimed application by the Hyperserver application and exchange of any planned commands as soon as the protocol and the connection modalities are known; carrying out of the negotiation between the client requester and the Hyperserver application up to the reception of one of the command types “store”, “store unique”, “retrieve”; identification by the Hyperserver application, following reception of a transfer command, of a transfer profile for a file or other transferable object which constitutes an entry of the BDP directory; verification by the Hyperserver application, by means of the definition of the determined profile, of the transfer direction, of the identification of the file to be transferred, of its attributes, of any processes to be executed at the beginning, during and at the end of the transfer, as well as of the designation of the applications under whose control they have to be executed; acknowledgement by the Hyperserver application of the transfer request received from the client at the end of any transfer negotiations with the aimed application driven by the transfer profile; opening of two “DATA” connections, in the FTP sense, namely: one connection between the FTP client and the Hyperserver application and the other between the Hyperserver application and the aimed application, the data received by the Hyperserver application on one connection being afterwards sent on the other, optionally undergoing said “during transfer” treatment; execution of any processes at the beginning and/or at the end of the transfer under the control of the Hyperserver agent application of the host of the aimed application, synchronized with the dialog between this application and the Hyperserver application; closing of the connections in progress with starting of any end-of-connection processes; recording of the events that occurred during the sequence in the corresponding files (LOG file), as well as of statistical information in the Hyperserver application journal file, and transmission of copies of the records to the concerned Hyperserver agent application to be recorded in the appropriate local files.
12. Method according to claim 7, characterized in that, in the case of a transfer request coming from an Intranet network host, the request contains all the information needed to determine the BDH directory and BDP directory entries, and that it comprises the following sequence of operations: initialization by the Hyperserver application, as a client, of two connections, namely: a first connection with the FTP type server (or compatible application) on the Intranet network and a second connection with an FTP type server on the Internet network, this initialization using the information found in the determined BDH entry, respecting identification and authorization rules, applying the necessary encryption functions and executing any start-of-connection process(es); negotiation of two FTP transfers according to the pieces of information found in the BDP entry(ies) and in the request itself, one of the transfers being a reception and the other a transmission of the file or other transferable object; starting of any beginning-of-transfer process(es), the Hyperserver application determining the file names on both sides and all transfer attributes, as well as the processes to be started at the beginning, during and at the end of the transfer, by means of the transfer profile and the other request parameters; forwarding by the Hyperserver application of the file data from its origin to its destination through two DATA connections, if necessary in the FTP sense or compatible, between the Hyperserver application and the two server applications, applying the so-called “during transfer” processes; execution of any end-of-transfer processes under the control of the agent of the Hyperserver application on the host of the aimed application, synchronized with the dialog between this application and the Hyperserver application; closing of the connections in progress with starting of any end-of-connection processes; recording of the events that occurred during the sequence in the corresponding files (LOG file), as well as of statistical information in the Hyperserver application journal file, and transmission of copies of the records to the concerned Hyperserver agent application to be recorded in the appropriate local files.